From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <71b465e856dfbd4b3ce36c3a3ae6bf03@felloff.net>
Date: Thu, 24 Dec 2015 17:45:02 +0100
From: cinap_lenrek@felloff.net
To: 9fans@9fans.net
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: [9fans] using tls-psk cipher suits vs roll our own handshake
Topicbox-Message-UUID: 7adf3084-ead9-11e9-9d60-3106f5b1d025

plan9 currently uses the shared secret from the authentication
process with ssl and rc4 cipher for encrypting traffic for
exportfs and the cpu services (pushssl()). the cipher can be
changed by the client by providing command line parameters,
tho there is no real negotiation going on. if the server
doesnt like the cipher from the client, the connection just
breaks.

when switching to tls, we have a few options:

1) do as we do with ssl, client sends what cipher and hash alg
it wants as a string before calling pushtls().

2) use fixed cipher like chacha20/poly1305 aead unconditionally.

3) use fixed cipher initially, and after that, renegotiate
cipher (devtls can change secrets and ciphers inband).

4) use standard tls handshake with PSK cipher suits.

5) make our own little cipher negotiation handshake protocol.

suggestions?

--
cinap